Course Completion Assessment & Survey
Cybersecurity Essentials: Course Final Exam Answers
1. Which of the following statements describes a distributed denial of service (DDoS) attack?
- An attacker sends an enormous quantity of data that a server cannot handle, using a botnet
- An attacker builds a botnet comprised of zombie devices
- A computer accepts data packets based on the MAC address of another computer
- An attacker views network traffic to gain access to authentication credentials
2. Which of the following is a nontechnical method often used by cybercriminals to gather sensitive information about an organization?
- Pharming
- Man-in-the-middle
- Ransomware
- Social engineering
3. What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?
- Spamming
- Man-in-the-middle
- Spoofing
- Sniffing
4. A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?
- Scan the systems for viruses
- Look for unauthorized accounts
- Look for policy changes in Event Viewer
- Look for usernames that do not have passwords
5. Several @Apollo employees have reported that the network access is slow. After investigation, the network administrator has learned that one employee downloaded a third-party scanning program for the printer. What type of malware might have been introduced that is causing slow performance of the network?
- Spam
- Phishing
- Worm
- Virus
6. Which of the following is a feature of a cryptographic hash function?
- The output has a variable length
- Hashing requires a public and private key
- The hash input can be calculated given the output value
- The hash function is a one-way mathematical function
7. Before data is sent out for analysis, what technique can be used to replace sensitive data in non-production environments to protect the underlying information?
- Steganalysis
- Data masking substitution
- Software obfuscation
- Steganography
8. Which of the following processes are examples of logical access controls? (Select three correct answers)
- Biometrics to validate physical characteristics
- Firewalls to monitor traffic
- Swipe cards to allow access to a restricted area
- Guards to monitor security screens
- Fences to protect the perimeter of a building
- Intrusion detection system to watch for suspicious network activity
9. Which of the following technologies can be implemented as part of an authentication system to verify the identity of employees? (Select two correct answers)
- A fingerprint
- A SHA-1 hash
- A smart card reader
- A mantrap
10. Two @Apollo employees use the same password to log in to the network, which means that both people have the exact same hash for their passwords. What could be implemented to prevent this?
- RSA
- Peppering
- Pseudo-random generator
- Salting
11. What term is used to describe the science of making and breaking secret codes?
- Spoofing
- Cryptography
- Jamming
- Factorization
- Impersonation
12. You are using public key encryption to exchange a message with one of your colleagues. Which key should you use to encrypt your message?
- Your colleague’s public key
- Your public key
- Your colleague’s private key
- Your private key
13. Which of the following are states of data? (Select three correct answers)
- Data in transit
- Data in process
- Data in storage
- Decrypted data
- Purged data
- Encrypted data
14. Passwords, passphrases and PINs are examples of which of the following security terms?
- Authentication
- Authorization
- Access
- Identification
15. Which of the following hashing technologies requires the exchange of keys?
- MD5
- AES
- Salting
- HMAC
16. What type of cipher encrypts plaintext one byte or one bit at a time?
- Block
- Elliptical
- Enigma
- Stream
- Hash
17. You have a large amount of data that needs to be kept confidential. What algorithm would best meet your requirement?
- Diffie-Hellman
- RSA
- ECC
- 3DES
18. Which 128-bit block cipher encryption algorithm does the U.S. government use to protect classified information?
- Skipjack
- AES
- Vigenere
- Caesar
- 3DES
19. You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by @Apollo employees. You decide to use the strongest hashing algorithm available. Which hash algorithm would you choose?
- AES
- SHA-256
- MD5
- SHA-1
20. What type of access control do smart cards and biometrics provide?
- Technological
- Administrative
- Logical
- Physical
21. What name is given to the method that tries all possible password combinations until a match is found?
- Cryptographic
- Brute force
- Birthday
- Dictionary
- Cloud
- Rainbow tables
22. Which wireless standard made AES and CCM mandatory?
- WPA
- WEP2
- WPA2
- WEP
23. Which of the following protocols would you use to provide security for employees that access an organization’s systems remotely from home?
- WPA
- SCP
- Telnet
- SSH
24. Mutual authentication can prevent which type of attack?
- Wireless IP spoofing
- Wireless sniffing
- Man-in-the-middle
- Wireless poisoning
25. @Apollo permits employees to work from home. Which technology should be implemented to ensure data confidentiality as it is transmitted?
- SHS
- RAID
- VLANs
- VPN
26. Which of the following protocols use the Advanced Encryption Standard (AES)? (Select two correct answers)
- WEP
- WPA
- EAP
- TKIP
- WPA2
27. What does the term BYOD mean?
- Bring your own decision
- Buy your own device
- Bring your own device
- Baseline your own disaster
28. What solution should be used to enforce the security policy that a computing device must be updated with the latest antimalware software before it can connect to an organization’s network?
- NAC
- VPN
- SAN
- NAS
29. You have been asked to work with fellow @Apollo employees to improve data integrity during initial data entry and data modification operations. Several staff members ask you why the new data entry screens limit the types and size of data that can be entered into specific fields. You explain that this is a data integrity control. What does this mean?
- A limitation rule which has been implemented to prevent unauthorized staff from entering sensitive data
- Data encryption operations that prevent any unauthorized users from accessing sensitive data
- Data entry controls which only allow entry staff to view current data
- A validation rule which has been implemented to ensure completeness, accuracy and consistency of data
30. As part of the cybersecurity team at @Apollo, you want to verify the identity of each client looking to log on to our website to pay the money they owe. Which technology would you implement to authenticate and verify such electronic transactions?
- Symmetric encryption
- Asymmetric encryption
- Digital certificates
- Data hashing
31. What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?
- The Computer Management tool
- The Event Viewer Security log
- The Local Security Policy tool
- The Active Directory Security tool
32. What technology should you implement to ensure that an individual cannot later claim that he or she did not sign a given document?
- Digital certificate
- Digital signature
- HMAC
- Asymmetric encryption
33. The X.509 standard defines which of the following security technologies?
- Security tokens
- Digital certificates
- Biometrics
- Strong passwords
34. Being able to maintain availability during disruptive events describes which of the principles of high availability?
- Single point of failure
- Uninterruptible services
- Fault tolerance
- System resiliency
35. What protection does a one meter high fence provide?
- The fence deters determined intruders
- The fence offers limited delay to determined intruders
- The fence deters casual trespassers only
- The fence prevents casual trespassers
36. When comparing biometric systems, what is the crossover error rate?
- The point at which the rate of acceptability and the rate of false negatives converge
- The point at which the rate of false positives and the acceptability rate are the same
- Where the rate of rejection and the rate of false negatives meet
- The point at which the rate of false negatives and the rate of false positives are the same
37. Your organization has recently adopted a five nines program for two critical database servers. What type of controls will this involve?
- Limiting access to the data on the systems
- Stronger encryption systems
- Remote access to thousands of external users
- Improving reliability and uptime of the servers
38. Which of the following is considered a natural disaster?
- An earthquake
- A power failure
- Water damage resulting from sprinkler failure
- A labor strike
39. Keeping data backups offsite is an example of which type of disaster recovery control?
- Corrective
- Preventive
- Detective
- Management
40. Which of the following is a critical step when carrying out a business impact analysis (BIA)?
- Determining if a warm or hot site will be used
- Creating a vendor contact list
- Identifying acceptable recovery times
- Documenting application vulnerabilities
41. What is an example of a business continuity plan?
- Identifying critical business processes, resources and relationships between systems by focusing on the consequences of an interruption to critical business functions
- Getting critical systems to another location while the repair of the original facility is underway
- Ensuring critical systems are online during a disaster
- Identifying and analyzing potential events that may negatively impact an organization’s assets
42. What values are required to calculate annual loss expectancy? (Choose two correct answers)
- Single loss expectancy
- Asset value
- Frequency factor
- Annualized rate of occurrence
- Exposure factor
43. @Apollo wants to adopt a labeling system based on the value, sensitivity and criticality of the information it handles. What element of risk management would you recommend?
- Asset availability
- Asset standardization
- Asset classification
- Asset identification
44. An organization has installed antimalware. What type of security control is this?
- Detective control
- Deterrent control
- Compensative control
- Recovery control
45. In which of the following situations would a detective control be warranted?
- When an organization needs to repair damage
- When an organization cannot use a guard dog and must therefore consider alternative control options
- To restore an organization’s system to a normal state after experiencing a breach
- When an organization needs to identify prohibited activity
46. An organization only installs applications that meet its guidelines, and administrators increase security by eliminating all other applications. What is this called?
- Asset availability
- Asset identification
- Asset classification
- Asset standardization
47. What risk mitigation strategy includes outsourcing services and purchasing insurance?
- Risk transfer
- Risk reduction
- Risk acceptance
- Risk avoidance
48. Which framework would you recommend for establishing a comprehensive information security management system in an organization?
- ISO/IEC 27000
- ISO OSI model
- NIST/NICE Framework
- CIA Triad
49. An organization does not have a blueprint for its cybersecurity program. What type of policies does it need to develop?
- Acceptable use policies
- Issue-specific policies
- System-specific policies
- A master cybersecurity policy
50. What national resource was developed as a result of a U.S. Executive Order following a ten-month collaborative study involving over 3,000 security professionals?
- NIST Framework
- ISO OSI model
- The National Vulnerability Database
- ISO/IEC 27000